CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

AI Score confidence: High

EPSS percentile: 95.6%

Multiple “input validation flaws” in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
Vendor | Product | Version | CPE |
---|---|---|---|
foolabs | xpdf | 0.5a | cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:* |
foolabs | xpdf | 0.7a | cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:* |
foolabs | xpdf | 0.91a | cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:* |
foolabs | xpdf | 0.91b | cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:* |
foolabs | xpdf | 0.91c | cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:* |
foolabs | xpdf | 0.92a | cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:* |
foolabs | xpdf | 0.92b | cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:* |
foolabs | xpdf | 0.92c | cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:* |
foolabs | xpdf | 0.92d | cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:* |
foolabs | xpdf | 0.92e | cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
poppler.freedesktop.org/releases.html
rhn.redhat.com/errata/RHSA-2009-0458.html
secunia.com/advisories/34291
secunia.com/advisories/34481
secunia.com/advisories/34746
secunia.com/advisories/34755
secunia.com/advisories/34756
secunia.com/advisories/34852
secunia.com/advisories/34959
secunia.com/advisories/34963
secunia.com/advisories/34991
secunia.com/advisories/35037
secunia.com/advisories/35064
secunia.com/advisories/35065
secunia.com/advisories/35618
secunia.com/advisories/35685
slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
www.debian.org/security/2009/dsa-1790
www.debian.org/security/2009/dsa-1793
www.kb.cert.org/vuls/id/196617
www.mandriva.com/security/advisories?name=MDVSA-2009:101
www.mandriva.com/security/advisories?name=MDVSA-2010:087
www.mandriva.com/security/advisories?name=MDVSA-2011:175
www.redhat.com/support/errata/RHSA-2009-0429.html
www.redhat.com/support/errata/RHSA-2009-0430.html
www.redhat.com/support/errata/RHSA-2009-0431.html
www.redhat.com/support/errata/RHSA-2009-0480.html
www.securityfocus.com/bid/34568
www.securitytracker.com/id?1022073
www.vupen.com/english/advisories/2009/1065
www.vupen.com/english/advisories/2009/1066
www.vupen.com/english/advisories/2009/1076
www.vupen.com/english/advisories/2009/1077
www.vupen.com/english/advisories/2010/1040
bugzilla.redhat.com/show_bug.cgi?id=495887
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323
www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html